Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/FxcYQqRBBQZ2i4QSBVdeUk6Ljtw.roa
File: FxcYQqRBBQZ2i4QSBVdeUk6Ljtw.roa (raw, json)
Hash identifier: MufiUMnf1rc6WKtDirYVGBWTsFNez10LJb9+SMf7FZw=
Subject key identifier: 17:17:18:42:A4:41:05:06:76:8B:84:12:05:57:5E:52:4E:8B:8E:DC
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 718C
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/FxcYQqRBBQZ2i4QSBVdeUk6Ljtw.roa
Signing time: Mon 30 Jun 2025 02:44:45 +0000
ROA not before: Mon 30 Jun 2025 02:44:45 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 29068 (0x718c)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jun 30 02:44:45 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=17171842A4410506768B841205575E524E8B8EDC
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d6:fb:9f:e8:42:0e:ea:f3:cb:4e:60:8c:1f:7f:
41:c0:ce:bb:5b:d7:14:68:4e:3f:bc:0d:0d:99:ec:
21:ac:f3:ed:fc:6e:aa:08:20:71:0a:62:a4:cc:06:
77:d5:7b:5d:f1:fb:18:f4:f8:69:ec:9a:84:24:cc:
8b:20:dd:83:68:71:e2:04:e6:2f:31:9b:10:5a:8d:
59:57:4c:2f:38:b8:66:eb:4a:9b:2d:40:a5:4d:78:
04:af:76:08:e3:4a:2d:13:72:e2:b5:19:19:90:c8:
3c:a5:8a:f3:c5:ee:f9:15:19:35:b4:83:d9:1b:16:
09:56:f6:cc:fd:02:47:0e:34:55:d6:6f:fe:65:6a:
c3:2e:22:90:98:6f:e6:a2:11:ca:69:e9:a5:fa:8b:
cb:af:0c:6d:36:77:e0:3e:c7:c5:ab:c4:51:42:fb:
88:21:ab:4c:2e:bb:4b:48:5d:f5:56:ac:f0:ec:44:
df:f6:a4:58:e4:88:81:e4:75:9c:91:11:b7:57:71:
28:ea:ee:fd:e0:fd:a1:1f:e1:d1:4c:59:ae:04:7d:
bb:d1:ec:8a:59:77:49:39:79:88:ac:ca:df:a3:42:
ea:65:52:ea:ec:37:3b:33:4d:fb:8f:8b:ee:ef:b7:
c9:e6:77:39:91:9f:4f:78:0a:80:b1:53:e8:35:8f:
00:75
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
17:17:18:42:A4:41:05:06:76:8B:84:12:05:57:5E:52:4E:8B:8E:DC
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/FxcYQqRBBQZ2i4QSBVdeUk6Ljtw.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
a3:26:59:96:11:0b:4a:aa:cb:26:f1:29:ec:a8:e7:2c:d1:15:
a5:f0:de:8e:df:92:60:c1:71:58:38:8e:c1:3f:41:72:10:8d:
35:1c:15:b8:bb:2f:a0:d8:bb:9c:5e:60:17:4b:86:a4:40:a1:
37:30:16:94:67:16:d1:b2:d1:3f:66:3c:ea:1e:c7:41:7f:25:
09:0f:dc:06:fe:ec:40:ad:5a:38:78:bc:5a:31:66:c0:34:86:
5a:c7:c5:5e:15:1f:b1:e2:1c:9e:40:25:4a:c2:07:46:3f:4a:
a8:7e:3b:37:b6:b1:4a:3d:bf:de:15:f9:35:6d:df:b6:bd:32:
a5:73:c4:39:09:14:27:51:94:09:4b:b3:91:22:17:a7:60:e7:
a8:56:93:b3:ed:35:9d:59:66:01:06:ac:d5:de:9c:7c:2f:88:
d4:ca:12:e2:80:29:00:99:dc:ec:a6:71:79:fc:7b:c5:65:08:
ff:26:fc:e6:7d:66:cf:9e:61:c6:bc:9f:c1:0f:13:f4:0d:53:
47:8b:b9:e0:79:49:4e:21:ab:4d:54:14:d4:55:1f:39:b0:64:
76:fe:61:6a:5a:87:6d:8a:e5:83:f7:b5:e2:62:63:04:c5:71:
55:c6:3d:38:57:19:41:3f:85:7b:1b:2c:fc:d2:5e:54:97:eb:
95:19:e7:8f
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICcYwwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA2MzAw
MjQ0NDVaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDE3MTcxODQyQTQ0MTA1
MDY3NjhCODQxMjA1NTc1RTUyNEU4QjhFREMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDW+5/oQg7q88tOYIwff0HAzrtb1xRoTj+8DQ2Z7CGs8+38bqoI
IHEKYqTMBnfVe13x+xj0+GnsmoQkzIsg3YNoceIE5i8xmxBajVlXTC84uGbrSpst
QKVNeASvdgjjSi0TcuK1GRmQyDylivPF7vkVGTW0g9kbFglW9sz9AkcONFXWb/5l
asMuIpCYb+aiEcpp6aX6i8uvDG02d+A+x8WrxFFC+4ghq0wuu0tIXfVWrPDsRN/2
pFjkiIHkdZyREbdXcSjq7v3g/aEf4dFMWa4EfbvR7IpZd0k5eYisyt+jQuplUurs
NzszTfuPi+7vt8nmdzmRn094CoCxU+g1jwB1AgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUFxcYQqRBBQZ2i4QSBVdeUk6LjtwwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0Z4Y1lRcVJCQlFaMmk0
UVNCVmRlVWs2TGp0dy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQCjJlmW
EQtKqssm8SnsqOcs0RWl8N6O35JgwXFYOI7BP0FyEI01HBW4uy+g2LucXmAXS4ak
QKE3MBaUZxbRstE/ZjzqHsdBfyUJD9wG/uxArVo4eLxaMWbANIZax8VeFR+x4hye
QCVKwgdGP0qofjs3trFKPb/eFfk1bd+2vTKlc8Q5CRQnUZQJS7ORIhenYOeoVpOz
7TWdWWYBBqzV3px8L4jUyhLigCkAmdzspnF5/HvFZQj/JvzmfWbPnmHGvJ/BDxP0
DVNHi7ngeUlOIatNVBTUVR85sGR2/mFqWodtiuWD97XiYmMExXFVxj04VxlBP4V7
Gyz80l5Ul+uVGeeP
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:44:10 2025 by rpki-client